IISscan v1.0 scans networks for IIS servers vulnerable to the unicode bug.
3c3d59978a521e77e4cd36649b23cbb404e3411fe080d04a7542b236aa3459adlogin package for linux - backdoored.
26005789c6223882d581a34bd0892e334e1fc46cd32394ee8cc37d48b87679b0Apache-SSL is a set of patches for Apache to create a secure Webserver, based on SSLeay/OpenSSL. It is designed to be small, secure, and efficient.
dfadf144d08e8538be36b7d59b6b23856b5ca250427d66c0c7ce7f8bd8277811Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.
2b731f71284a31b28d8e553fb5f4917293c1d21e065467b39a50706466f88438UCD-snmp v4.2.1 and below remote root exploit for the long community string overflow on Linux/x86. Tested against Slackware 8.0, includes instructions for finding more offsets. Binds a shell to tcp port 10000.
eb4a50c9c0dd410d730f1d07d223ab85c80cc864aeca71b53ef5631777dff41fNetBSD Security Advisory 2002-004 - An off by one overflow has been discovered in the channel code of OpenSSH versions 2.0 - 3.0.2 can be used to execute code on systems running vulnerable OpenSSH clients and servers. NetBSD fixed this vulnerability in versions 1.5 - 1.5.2 and announced that the fix will be included in NetBSD 1.5.3.
35d64679ad8b60205c3868196bf86fd85e46f45ac237b9994146c212404c430fNetBSD Security Advisory 2002-002 - A buffer overflow found in Gzip can under certain conditions be used to execute shellcode with elevated privileges, for example through certain FTP servers. NetBSD fixed this vulnerability for CURRENT, 1.5 - 1.5.2 and 1.4 - 1.4.3.
0711d864488b65c071d0b4fba53663aada9d306b2d2e0f03d43b2c5e7db33503PHP Nuke 5.X path disclosure vulnerability through modules.php.
449ce4c727ea19f1f0a054b166eb8e1f6d5390c8d988b1c57504ebfc6d2c717aOpenSSH v3.0.2p1 backdoor. The version displayed and magic password is editable.
0261baf78b29d58daa6f9ebc47e470ec7ad0274dd81dfac55ee5236c9bad1ba8Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data. It is able to embed data in BMP, WAV, and AU files.
04b1b8dc075d3506a28add758eaf34d83c76ee20d61776afd2582e7a5d347f71Some areas of the Cobalt XTR UI are not .htaccess protected, allowing remote users to exploit the MultiFileUpload.php remote root vulnerability. Requires shell access to exploit. Includes a perl script to base64 encode the time for filename guessing.
0335dc5f5c37c8c68507a7da7f1bc5e9845dec9c23e2c1867d5f13a90ff49b69FreeBSD Security Advisory FreeBSD-SA-02:17 - The mod_frontpage port prior to version mod_portname-1.6.1 contains several remotely exploitable buffer overflows in the fpexec wrapper, which is installed setuid root.
6baaa26e93cb19abe4d52eaea219513b94a7b57aba7a390dac5d9e0085650a3bFreeBSD Security Advisory FreeBSD-SA-02:16 - Versions 4.76 and earlier of the Netscape browser will execute JavaScript contained in gif and jpeg comment blocks, allowing a hostile web server to see what is in your cache.
01e68c967241355e54d0dbda9dfd7c8b5b192f70e3f4324fc7e3b5072fa315c0FreeBSD Security Advisory FreeBSD-SA-02:15 - The port of the cyrus-sasl library prior to v1.5.24_8 contains a format string overflow in the syslog() call. Applications linked to that library could be affected.
ca1331948c84e83bcb66af1dcea4f17326b3ce7aa470a48f16bd1f4ffb9e66d8FreeBSD Security Advisory FreeBSD-SA-02:14.pam-pgsql - The pam-pgsql port prior to v0.5.2 contains a vulnerability which allows remote users to cause arbitrary SQL code to be executed because the username and password given are inserted into a SQL statement with no safety checks.
6e3b0e22ccea6f55953d641696c316bff3e1aa4a2c38403ddae911b7abdcd9c8CERT Advisory CA-2002-07 - A bug in the zlib compression library prior to v1.1.4 manifests itself as a vulnerability in any of the many programs that are linked with zlib, and allows an attackers to mount a dos attack, gather info, or execute arbitrary code. Passing a specially-crafted block of invalid compressed data to a program that includes zlib, the program's attempt to decompress the crafted data can cause the zlib routines to corrupt the internal data structures. Fix available here.
027ea4a9b9fc60c7fe3a2fa2e98a44ecd8a73fe17a8674c2a37e4e3c66be400ePtrace2.4 is a local root exploit for linux kernels prior to v2.4.9 and 2.2.20.
e985a2a3cfca07b197336e769c86daa09d889ea8c80b3e00fc8291655c670ba1Wellenreiter is a GTK/Perl program that makes the discovery and the auditing of 802.11b wireless-networks much easier. It has an embedded statistics engine for the common parameters provided by the wireless drivers, enabling you to view details about the consistency and signal strength of the network. A scanner window can be used to discover access-points, networks, and ad-hoc cards. It detects essid broadcasting or non-broadcasting networks in every channel, automatically switching frequencies. Wellenreiter can run on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPaqs).
c9b6dc3395ff1b64fbe2b8c00b21bac822f84ceb255603b81ce306b90c3453cdPHP Nuke v5.5 has a cross site scripting vulnerability. Exploit information included.
ea0a2f907d32e11a8d8ea2a9d231190a234851a4b50bf5f9b2a309b314e8c10aHhp-qtip.c is a local root exploit for /usr/bin/tip on BSDI 4.2. Requires access to tip, usually gid(dialer).
68b298f994c8c477f0f7455e566dc8f16aa96901ae020b249e0593c73d2ca8d6Fingerprinting Port 80 Attacks - A look into web server, and web application attack signatures, Part Two. Includes fingerprints, advanced fingerprints, cross site scripting examples, modified headers, more encoding, webserver codes and logging, and more.
d97f5503f10321059cd43269ac5f60529aabdbc377241beee4a5c1b65a186534Increasing Performance in High Speed NIDS is a paper discussing a number of methods to increase performance in Snort and also NIDS in general. Discusses bottlenecks that Snort has, a brief history of snort pattern matching, and the work that Silicon Defense did with Aho-Corasick_Boyer-Moore, discussing the differences between network grep and protocol analysis.
337737f0c2eeefdc2058b99a8043d983e504f5cd46712753df479953689227e6HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
552dd35b52705c6f4314d2fbacd357c66afb6fdeeaacea6b3e9985d2b2b25b81RSTunnel (Reliable SSH Tunnel) allows you to tunnel through data between two networks in a secure and encrypted tunnel. It uses SSH to connect the two machines. This will setup a tunnel for you, and make sure that it's constantly running.
664cc131289c8e42c28c00f231c24b43fc2c55c29b427ad43306af3ccb6f6f63Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
5c7e9df2bb329004b551a8c035de176728b73494dc8b559eafe3ccef9cc05c2d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed